Save Article

U.S. Backs Talks on Cyber Warfare

The chief of the Pentagon's new cyber-security command on Thursday endorsed talks with Russia over a proposal to limit military attacks in cyberspace, representing a significant shift in U.S. policy.

The U.S. has for years objected to Russian proposals to establish a kind of arms-control treaty for cyber weapons, arguing that international cooperation should first focus on reducing cyber crime. Russia has been working to marshal support for a United Nations treaty to limit the use of cyber weapons, such as software code that could destroy an enemy's computer systems.

"What Russia's put forward is, perhaps, the starting point for international debate," Gen. Keith Alexander said Thursday at the Center for Strategic and International Studies, a Washington think tank. "It's something that we should, and probably will, carefully consider."

In the past, the U.S. has also frowned on Russian proposals because a treaty wouldn't necessarily prohibit countries from using third parties to conduct cyber warfare. Cyber-security specialists say Russia and China rely on proxy groups to conduct attacks on enemies, as Russia allegedly did in 2008 against Georgia. China and Russia deny such accusations.

The Obama administration has begun to reconsider its position on the issue as it emphasizes engagement with U.S. adversaries across a range of national-security issues.

Administration officials have made low-level overtures to Russian officials in the last couple of months, according to people familiar with the matter. Russian officials also visited the U.S. late last year to meet with State Department, Homeland Security and law-enforcement officials to discuss cyber-security matters.

Gen. Alexander's remarks were the first public comments from a U.S. official indicating a new openness to negotiations. "We do have to establish the lanes of the road" for what governments can and can't do in cyberspace, he said. The administration should take the Russian proposal and use it to develop a counterproposal, he added.

"It shows a major shift in administration thinking and could be interpreted as an overture" to the Russians, said James Lewis, who directed an influential cyber-security report for CSIS.

Gen. Alexander's comments could help tamp down concerns many foreign governments have privately expressed regarding the intentions of the Pentagon's new Cyber Command, Mr. Lewis said. Some fear it will be a mechanism for the U.S. to dominate cyberspace. The U.S. has said the Cyber Command is primarily focused on protecting military networks and conducting military operations in cyberspace.

Gen. Alexander, who also serves as director of the National Security Agency, sought to allay similar concerns about the Cyber Command's impact on domestic privacy.

Cyber Command, if asked, would provide "support" to the Department of Homeland Security to protect networks running the government or key infrastructure, he said. The military also has a strong interest in ensuring the security of some private networks, such as power, because 90% of the military's power is provided by the private sector, he said.

Privacy concerns "are valid," he said, but the public shouldn't be worried about NSA working closely with Cyber Command because NSA officials are trained to follow "robust and rigorous procedures" to protect Americans' privacy.

He acknowledged the need to earn public confidence, noting that he has four daughters who are heavy Internet users, and he wants to protect their privacy, too. "The real key to the issue is: How do we build the confidence that we're doing it right with the American people, Congress and everyone else?" he said. "That's going to be the hard part."

The government too has to work hard to protect its cyber secrets. The government was spurred to improve protections for its military networks, Gen. Alexander said, after a series of breaches of classified systems in 2008. In comments after his speech, he also acknowledged for the first time publicly, that the military's Joint Strike Fighter weapons program had been infiltrated and data had been stolen. The Wall Street Journal reported that breach last year.